CVE-2016-9371
Description
Cross-site scripting vulnerability in Moxa NPort serial device servers allows remote attackers to inject arbitrary web script via unsanitized user input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in Moxa NPort serial device servers allows remote attackers to inject arbitrary web script via unsanitized user input.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in multiple Moxa NPort serial device server models. User-controlled input is not properly neutralized before being reflected in web pages, allowing an attacker to inject arbitrary HTML or JavaScript. Affected versions include NPort 5110 prior to 2.6, NPort 5130/5150 Series prior to 3.6, NPort 5200 Series prior to 2.8, NPort 5400 Series prior to 3.11, NPort 5600 Series prior to 3.7, NPort 5100A Series & NPort P5150A prior to 1.3, NPort 5200A Series prior to 1.3, NPort 5150AI-M12 Series prior to 1.2, NPort 5250AI-M12 Series prior to 1.2, NPort 5450AI-M12 Series prior to 1.2, NPort 5600-8-DT Series prior to 2.4, NPort 5600-8-DTL Series prior to 2.4, NPort 6x50 Series prior to 1.13.11, and NPort IA5450A prior to v1.4 [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability by crafting a malicious URL containing script code in a parameter that is then reflected in the device's web interface. The attacker must trick a victim into clicking the crafted link or visiting a specially crafted page. No authentication or special network position is required; the attack can be performed remotely [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to session hijacking, defacement of the web interface, or theft of sensitive information displayed on the page. While the XSS itself is confined to the browser, it could be leveraged to perform actions on the device with the victim's privileges, potentially leading to further compromise [1].
Mitigation
Moxa has released firmware updates to address this vulnerability. Affected users should upgrade to the following versions or later: NPort 5110 to 2.7, NPort 5130/5150 to 3.7, NPort 5200 to 2.9, NPort 5400 to 3.12, NPort 5600 to 3.8, NPort 5100A/P5150A to 1.4, NPort 5200A to 1.4, NPort 5150AI-M12 to 1.3, NPort 5250AI-M12 to 1.3, NPort 5450AI-M12 to 1.3, NPort 5600-8-DT to 2.5, NPort 5600-8-DTL to 2.5, NPort IA5450A to v1.4, NPort 6000 to 1.16, and NPort 6110 to a fixed version (all versions are affected) [1]. No workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9- Range: <1.2
- Range: <1.13.11
- Range: <1.4
- Range: <2.8
- Range: <3.11
- Range: <3.7
- Range: <2.4
- Range: <2.6
- Range: <3.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/85965nvdThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-16-336-02nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.